Emerging Threats in the Battle Against Cybercrime
Erez Liebermann, Assistant United States Attorney
Deputy Chief, Economic Crimes Unit
Chief, Computer Hacking and IP Section
District of New Jersey
Laws and Penalties
• Computer Fraud and Abuse Act
• Identity Theft
• Access Device Fraud
• Intellectual Property Laws
Where Are We Now?
Case Studies
U.S. v. Albert Gonzalez
• Where we meet Albert Gonzalez?
• Arrested for ATM Fraud
• 2003
• Shadowcrew
• Landmark Carding Case
• Indictment October 2004
• 21 Arrested in U.S.; Others Overseas
Gonzalez
TJX Hacking Investigation
• 2003 to 2008:
• TJX
• BJ's Wholesale Club
• OfficeMax
• Boston Market
• Barnes & Noble
Medco Health Solutions, Inc. (logic bomb diagram)
• Updating-script runs every day on every Unix server.
• Legit_1 and Legit_2 are innocuous scripts. Lin wrote Legit_1. He did not write Legit_2, but he did add a line in it which calls perfnck.
• perfnck compares the current date with the date in perfdat. If they match, perfnck sets the following scripts in motion: dirsnck, sysmsgck, setvars.
• setvars holds information on which part of the server to wipe out.
• Remaining diagram annotations: "Sets up environment"; "WIPES OUT SYSTEM".
Medco Health Solutions, Inc. – Cont'd
• Pleaded Guilty
• Employee
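The Medco case above turns on two facts a defender could have caught: an approved scheduled script (Legit_2) gained one extra line calling another script, and that script fired only when the current date matched a stored date. The following is an added example, not code from the presentation or from the Medco case: a baseline-diff audit over scheduled Unix scripts that flags modified scripts, calls to commands not seen in the approved baseline, and the date-compared-to-stored-value trigger pattern. Script names echo the slide (Legit_1, Legit_2, perfnck, perfdat, dirsnck); their contents and paths are constructed for illustration, and the trigger check is a heuristic, not a complete detector.

```python
"""Baseline-diff audit of scheduled scripts (added example, hypothetical data)."""
import hashlib
import os
import re
from difflib import unified_diff

# Constructed baseline: approved contents of each scheduled script.
BASELINE = {
    "Legit_1": "#!/bin/sh\n/usr/local/bin/collect_perf\n",
    "Legit_2": "#!/bin/sh\n/usr/local/bin/rotate_logs\n",
}

# Constructed current state: Legit_2 gained a line calling perfnck, and
# perfnck acts only when today's date equals the date stored in perfdat.
CURRENT = {
    "Legit_1": "#!/bin/sh\n/usr/local/bin/collect_perf\n",
    "Legit_2": "#!/bin/sh\n/usr/local/bin/rotate_logs\n/usr/local/bin/perfnck\n",
    "perfnck": (
        "#!/bin/sh\n"
        "TODAY=$(date +%Y%m%d)\n"
        'if [ "$TODAY" = "$(cat /etc/perfdat)" ]; then\n'
        "  /usr/local/bin/dirsnck\n"
        "fi\n"
    ),
}

SHELL_KEYWORDS = {"if", "then", "fi", "else", "elif", "for", "do", "done", "while"}
# Heuristic: a script both calls date(1) and compares a variable to the
# contents of a file ("$(cat ...)" or "$(< ...)").
DATE_CALL = re.compile(r"\$\(\s*date\b|`\s*date\b")
FILE_COMPARE = re.compile(r'\[\s*"?\$\w+"?\s*=\s*"?\$\((?:cat|<)\s')


def digest(text):
    return hashlib.sha256(text.encode()).hexdigest()


def changed_scripts(baseline, current):
    """Scripts whose hash differs from baseline, or which baseline never had."""
    findings = []
    for name, text in current.items():
        if name not in baseline:
            findings.append((name, "not in baseline"))
        elif digest(text) != digest(baseline[name]):
            findings.append((name, "modified"))
    return findings


def added_lines(old, new):
    """Lines present in new but not in old (context-free unified diff)."""
    diff = unified_diff(old.splitlines(), new.splitlines(), lineterm="", n=0)
    return [l[1:] for l in diff if l.startswith("+") and not l.startswith("+++")]


def first_command(line):
    """Basename of the command a shell line invokes, or None for non-commands."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tok = line.split()[0]
    if "=" in tok or tok in SHELL_KEYWORDS:
        return None
    return os.path.basename(tok)


def invoked(text):
    return {c for c in (first_command(l) for l in text.splitlines()) if c}


def looks_like_date_trigger(text):
    return bool(DATE_CALL.search(text) and FILE_COMPARE.search(text))


def audit(baseline, current):
    """Report changed scripts, unapproved calls they add, and date triggers."""
    approved = set(baseline) | {c for t in baseline.values() for c in invoked(t)}
    report = []
    for name, why in changed_scripts(baseline, current):
        report.append(f"{name}: {why}")
        for line in added_lines(baseline.get(name, ""), current[name]):
            cmd = first_command(line)
            if cmd and cmd not in approved:
                report.append(f"{name}: added call to unapproved '{cmd}'")
        if looks_like_date_trigger(current[name]):
            report.append(f"{name}: date-match trigger (compares date to stored value)")
    return report


if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

Run daily before the scheduler fires; the baseline belongs in a store the script authors cannot write to, otherwise the insider who edits Legit_2 simply re-baselines it.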
Cyber Extortion
• Actual breach into computer systems
• Threatened breach into computer systems
Military Hack
• United States v. Gary McKinnon
• Weapons Station Earle
• NASA
• Pentagon
• Searching for info on UFOs?
"US foreign policy is akin to government sponsored terrorism these days... It was not a mistake that there was a huge security stand-down on September 11 last year... I am SOLO. I will continue to disrupt at the highest levels."
Data Breaches: To Report or Not to Report?
• Data breach notification laws
• Cooperate with authorities
• Avoid aggravating factors in a lawsuit
What if it Happens?
• Call Law Enforcement.
• But…
Myth: "If I call law enforcement, they won't care."
Myth: "Law enforcement won't be able to catch the bad guys."
Myth: "I can handle the situation myself."
Myth: "If I just patch the security hole, restore my data, and fire the dirty insider, then I don't need to tell anyone."
Myth: "If I call law enforcement, they'll come and take my servers away."
Myth: "If I report to law enforcement, I'll lose control of my proprietary data."
Best Practices
• Protect the rights of the victim.
• Consult with senior management.
• Consult with IT staff.
• Minimize disruption to the company.
• Coordinate media releases.
• Keep the company informed.
• Build relationships before an intrusion.
Steps to Protect
• Logs, Logs and more Logs.
• Separation of Powers.
• Click-Through Banners.
• Extra vigilance.
• Immediate cut-off.